If I understood all this correctly, the updated microcodes should be forcing the CPU to do these MSR writes (or the low level action which stands behind them) by default. So that, when you got this updated microcode on your CPU, its already fixed and no further operations are necessary!
At the moment both me and Mike have sent many letters to AMD (example provided below, you could use its parts as well). Have not received any good reply yet (only one reply, with a stupid link to spectre v2 description page and without any files attached) - but we are trying hard and hope to eventually reach a smart person at AMD who could help us...
By the way, these microcodes from platomav github page - are from february/march, and I believe they do not contain a spectre v2 fix. So we hope to either eventually get these microcodes from AMD, or to somehow extract them from a super bloated Win10 update, or to try to extract them from the updated BIOSes of other companies when they come out
=== 1) go to amd support page and open a ticket form 2) set company as "coreboot" or "coreboot BIOS" Subject: Updated microcode for coreboot BIOS devs We, the coreboot BIOS developers, have not received any microcode updates from AMD (aimed towards patching the spectre v2 vulnerability). AMD sent these updated microcode binaries to many motherboard and BIOS development companies, but forgot to send these files to us at coreboot! Could you please provide a standalone download of your updated microcode binaries, to make it possible for us to include them to our coreboot BIOS running on AMD platforms ? We will appreciate if you will share these updated microcode binaries with us - maybe together with SHA-256 or SHA-512 hashes of these files or GnuPG signatures to ensure the security of transaction Best regards, Ivan Ivanov, coreboot BIOS firmware engineer
P.S. Although, ideally these new updated microcodes should be committed tokernel/git/firmware/linux-firmware.git repository --> directory called "amd-ucode" .Currently it contains the following files: microcode_amd.bin ,microcode_amd.bin.asc , microcode_amd_fam15h.bin ,microcode_amd_fam15h.bin.asc , microcode_amd_fam16h.bin ,microcode_amd_fam16h.bin.asc .They have been last updated at 2015/16 year, and we would like to see them updated again
2018-04-25 4:02 GMT+03:00 awokd via coreboot coreboot@coreboot.org:
On Tue, April 24, 2018 11:31 pm, Nico Huber wrote:
On 25.04.2018 00:18, Taiidan@gmx.com wrote:
I can't believe everyone else is so nonchalant about all this considering how important it is I still haven't figured out how to update the microcode on any of my computers - no guides I have found actually work and no distros have the new microcode for intel or amd despite it having been months.
I'm not nonchalant, but I'm not entirely sure what to do with those patch files and was hoping to see a new amd microcode 15h bin with them incorporated.
I can't believe everybody is so nonchalant about Rowhammer but many people make a big thing out of the comparatively tiny Spectre problem.
For the best security one should have both the new microcode and the lfence msr?
Not for the best but for any security, you have to understand first that both options only change something if your software is prepared to uti- lize them. First update your software, then check what it needs / what the developers expect (the new microcode I'd guess).
If I remember the earlier discussion right on that lfence msr, the OS can also set it so although it would be nice if coreboot did as well, it's not required?
-- coreboot mailing list: coreboot@coreboot.org https://mail.coreboot.org/mailman/listinfo/coreboot